Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-04 04:06:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

netfilter: nfnetlink_queue: unbreak SCTP traffic

Browse Source 
when packet is enqueued with nfqueue and GSO is enabled, checksum
calculation has to take into account the protocol, as SCTP uses a
32 bits CRC checksum.

Enter skb_gso_segment() path in case of SCTP GSO packets because
skb_zerocopy() does not support for GSO_BY_FRAGS.

Joint work with Pablo.

Signed-off-by: Antonio Ojea <aojea@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Antonio Ojea 2024-06-27 13:27:10 +02:00 committed by Pablo Neira Ayuso
parent 1bf8e07c38
commit 26a77d0289
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
net/core/dev.c
View File

@ -3386,6 +3386,7 @@ int skb_crc32c_csum_help(struct sk_buff *skb)
out: out:
return ret; return ret;
} }
EXPORT_SYMBOL(skb_crc32c_csum_help);
__be16 skb_network_protocol(struct sk_buff *skb, int *depth) __be16 skb_network_protocol(struct sk_buff *skb, int *depth)
{ {

12
net/netfilter/nfnetlink_queue.c
View File

@ -540,6 +540,14 @@ static int nfqnl_put_bridge(struct nf_queue_entry *entry, struct sk_buff *skb)
return -1; return -1;
} }
static int nf_queue_checksum_help(struct sk_buff *entskb)
{
if (skb_csum_is_sctp(entskb))
return skb_crc32c_csum_help(entskb);
return skb_checksum_help(entskb);
}
static struct sk_buff * static struct sk_buff *
nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
struct nf_queue_entry *entry, struct nf_queue_entry *entry,
@ -602,7 +610,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
case NFQNL_COPY_PACKET: case NFQNL_COPY_PACKET:
if (!(queue->flags & NFQA_CFG_F_GSO) && if (!(queue->flags & NFQA_CFG_F_GSO) &&
entskb->ip_summed == CHECKSUM_PARTIAL && entskb->ip_summed == CHECKSUM_PARTIAL &&
skb_checksum_help(entskb)) nf_queue_checksum_help(entskb))
return NULL; return NULL;
data_len = READ_ONCE(queue->copy_range); data_len = READ_ONCE(queue->copy_range);
@ -1014,7 +1022,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
break; break;
} }
if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(skb)) if (!skb_is_gso(skb) || ((queue->flags & NFQA_CFG_F_GSO) && !skb_is_gso_sctp(skb)))
return __nfqnl_enqueue_packet(net, queue, entry); return __nfqnl_enqueue_packet(net, queue, entry);
nf_bridge_adjust_skb_data(skb); nf_bridge_adjust_skb_data(skb);